Best practices for private server deployment on LAN

Hello, all -

I'm trying to do some research on some of the best practices for deploying a server that would be on a private LAN. This server would not have any Internet connectivity - it would be used to facilitate the workings of a proprietary client program that would contact this server for specific information.

I have managed to bring down the install of a FC3 release to just under 500M. Although I am not satisfied with this yet, that is pretty small compared to what I've done and seen in the past. I'll keep working on that one.

The problem that I'm faced with is that no one should be allowed to tamper with this server. No one should be able to log in, change settings, or anything of the like.

I've had several ideas, which all have their own pitfalls:

Encrypted filesystem with a key located on the disk so that the system can decrypt on the fly as it needs to. This is done so that the drive cannot be transferred to another machine and booted, or cannot be "browsed" if it were a slave to another machine. This would not quite work because the key is still physically there, and anyone with enough time and initiative on their hands can spend a few weeks and a dozen cases of beer and figure this out.

Making my own form of init, that would not allow for getty or anything such as that. But again, anyone can take this drive into another machine, or boot directly off of the machine.

Creating the system so that it will not "work" with any cdrom devices. Then I'd have to get a list of devices that are CDROMs, and make the system not "read" those. I'd do the same with hard disks. But even this information can be forged, and it just sounds funny.

How many of you guys have deployed servers like this in the past, where you did not want the client to have the ability to tamper with said machine? What did you do to prevent this type of activity, if anything? I'm just fishing for answers here.

Thanks
-dant

